Citrix StoreFront and Workspace App Affected by New Vulnerabilities
Citrix has just announced security issues that impact Citrix StoreFront and Citrix Workspace app. Each vulnerability is detailed below with steps customers can take to mitigate the issue.
Citrix StoreFront Vulnerability
If exploited, this issue, identified as CVE-2020-8200, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
The vulnerability affects the supported Current Release (CR) version of Citrix StoreFront before 1909, as well as the following supported Long Term Service Release (LTSR) versions of Citrix StoreFront:
- Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
- Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
- Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)
Citrix StoreFront is also shipped as part of Citrix Virtual Apps and Desktops, so customers running Citrix Virtual Apps and Desktops 2003 are affected as well, since that release bundles the 1912 LTSR version of Citrix StoreFront.
Mitigation Steps
Citrix strongly recommends that customers running affected versions of Citrix StoreFront, both CR and LTSR versions, upgrade to one of the following fixed versions as soon as possible:
- Citrix StoreFront 1912 CU1 (1912.0.1000) and later versions of Citrix StoreFront 1912 LTSR
- Citrix StoreFront 3.0 for 7.6 LTSR CU8 Hotfix (3.0.8001) and later versions of StoreFront 3.0 for 7.6 LTSR
- Citrix StoreFront 3.12 for 7.15 LTSR CU5 Hotfix (3.12.5001) and later versions of StoreFront 3.12 for 7.15 LTSR
For more information, see the Citrix support article for this vulnerability.
Citrix Workspace Vulnerability
Issue CVE-2020-8207 has been identified in the automatic update service of Citrix Workspace app for Windows that could result in:
- A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows.
- A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled.
This vulnerability affects the following supported versions of Citrix Workspace app for Windows (but not on any other platforms or any supported versions of Citrix Receiver):
- Citrix Workspace app 2002, 2006 and 2006.1 for Windows
- Citrix Workspace app 1912 LTSR for Windows (before CU1 Hotfix 1)
This vulnerability was originally reported against a subset of the versions above. However, further investigation has discovered potential variant forms of this attack and the affected versions have been amended accordingly.
The vulnerability only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges. It does not exist when a standard Windows user installed Citrix Workspace app for Windows.
A remote compromise is only possible when the user has enabled Windows file sharing (SMB) and only when the updater service is running. If authentication is required for SMB, then an attacker must be able to authenticate before they could exploit this issue.
Mitigation Steps
Users with automatic updates enabled and applied within Citrix Workspace should have already been updated to a fixed version. Citrix strongly recommends that customers check if the version they are running has been automatically updated and, if necessary, upgrade to one of the following fixed versions as soon as possible:
- Citrix Workspace App 2008 or later
- Citrix Workspace App 1912 LTSR CU1 Hotfix 1 (19.12.1001) and later cumulative updates
For more information, see the Citrix support article for this vulnerability.
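The two mitigation sections above both come down to the same administrative task: find out which StoreFront or Workspace app build is installed and compare it with the fixed builds listed, then, for Workspace app, check whether the two conditions the advisory names for the remote path (Windows file sharing and a running updater service) are present. The PowerShell below is an added example written for this page; it is not Citrix's code or tooling. It assumes that the products register under "Citrix StoreFront..." and "Citrix Workspace..." display names in the Windows uninstall registry, that StoreFront reports versions such as 3.12.5001.x and 1912.0.1000.x, that Workspace app reports YY.M.build versions (2008 as 20.8.x, 1912 LTSR CU1 Hotfix 1 as 19.12.1001 as the advisory states), and that the updater service's display name contains "Citrix" and "Updat". Confirm those strings on one known-good machine before rolling the check out.

```powershell
# Added example, not from the Citrix advisory. Reports installed StoreFront /
# Workspace app builds against the fixed versions in the advisory and, for an
# affected Workspace app, the conditions the remote path depends on.

function Get-CitrixInstalledProducts {
    # Both 64-bit and 32-bit uninstall hives; Citrix products may sit in either.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Assumption: display names start with these prefixes; narrow the Workspace
    # pattern if other "Citrix Workspace ..." components are installed.
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Citrix StoreFront*' -or
                       $_.DisplayName -like 'Citrix Workspace*' } |
        Select-Object DisplayName, DisplayVersion
}

function Test-StoreFrontFixed {
    param([Parameter(Mandatory)][version]$Version)
    # Fixed builds from the advisory: 3.0.8001 (7.6 LTSR CU8 Hotfix),
    # 3.12.5001 (7.15 LTSR CU5 Hotfix), 1912.0.1000 (1912 LTSR CU1).
    # Current Release 1909 and later is not affected; older CR builds are.
    switch ("$($Version.Major).$($Version.Minor)") {
        '3.0'    { return $Version -ge [version]'3.0.8001' }
        '3.12'   { return $Version -ge [version]'3.12.5001' }
        '1912.0' { return $Version -ge [version]'1912.0.1000' }
        default  { return $Version.Major -ge 1909 }
    }
}

function Test-WorkspaceAppFixed {
    param([Parameter(Mandatory)][version]$Version)
    # Assumption: YY.M.build numbering. 1912 LTSR is fixed from 19.12.1001;
    # Current Release is fixed from 2008 (20.8). Anything else is reported as
    # not on a fixed build so it gets looked at.
    if ($Version.Major -eq 19 -and $Version.Minor -eq 12) {
        return $Version -ge [version]'19.12.1001'
    }
    return $Version -ge [version]'20.8'
}

function Get-WorkspaceRemoteExposure {
    # The advisory's remote path needs Windows file sharing (SMB) enabled and the
    # updater service running. Assumption: updater display name matches *Citrix*Updat*.
    $updater = Get-Service | Where-Object { $_.DisplayName -like '*Citrix*Updat*' -and
                                            $_.Status -eq 'Running' }
    $lanman  = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $fwRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    [pscustomobject]@{
        UpdaterServiceRunning = [bool]$updater
        ServerServiceRunning  = [bool]($lanman -and $lanman.Status -eq 'Running')
        InboundSmbAllowed     = [bool]$fwRules
    }
}

# Report: one line per product, plus the exposure factors for an affected Workspace app.
foreach ($p in Get-CitrixInstalledProducts) {
    $v = $p.DisplayVersion -as [version]
    if (-not $v) { "{0}: unparseable version '{1}'" -f $p.DisplayName, $p.DisplayVersion; continue }
    $fixed = if ($p.DisplayName -like 'Citrix StoreFront*') { Test-StoreFrontFixed $v }
             else { Test-WorkspaceAppFixed $v }
    "{0} {1}: {2}" -f $p.DisplayName, $v, $(if ($fixed) { 'fixed build' } else { 'AFFECTED - upgrade' })
    if (-not $fixed -and $p.DisplayName -like 'Citrix Workspace*') {
        Get-WorkspaceRemoteExposure | Format-List
    }
}
```

Run it elevated on each StoreFront server and on endpoints through your normal configuration-management channel. A Workspace app line marked AFFECTED with UpdaterServiceRunning and InboundSmbAllowed both True is the combination the advisory describes for remote compromise and should be prioritised; the local privilege escalation applies to any affected build that was installed with administrator rights, which this script does not determine, so treat every AFFECTED line as needing the upgrade.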
If you need help addressing these vulnerabilities or have any questions related to this issue, please call us at 888-631-2231 or email support@a2u.net.